create-aws-project 1.2.1

package/dist/generator/generate-project.js

@@ -0,0 +1,81 @@
+import { existsSync, statSync } from 'node:fs';
+import { join, dirname } from 'node:path';
+import { fileURLToPath } from 'node:url';
+import pc from 'picocolors';
+import { copyFileWithTokens, copyDirectoryWithTokens } from './copy-file.js';
+import { deriveTokenValues, templateManifest } from '../templates/index.js';
+/**
+ * Get the templates directory path
+ */
+function getTemplatesDir() {
+    const __filename = fileURLToPath(import.meta.url);
+    const __dirname = dirname(__filename);
+    // Navigate from dist/src/generator to templates/
+    return join(__dirname, '..', '..', 'templates');
+}
+/**
+ * Copy a template entry (file or directory) to output
+ */
+function copyTemplateEntry(entry, templatesDir, outputDir, tokens) {
+    const srcPath = join(templatesDir, entry.src);
+    const destPath = join(outputDir, entry.dest);
+    if (!existsSync(srcPath)) {
+        console.warn(`Warning: Template not found: ${entry.src}`);
+        return;
+    }
+    const stats = statSync(srcPath);
+    if (stats.isDirectory()) {
+        copyDirectoryWithTokens(srcPath, destPath, tokens);
+    }
+    else {
+        copyFileWithTokens(srcPath, destPath, tokens);
+    }
+}
+/**
+ * Generate a project from templates based on user configuration
+ * @param config - User's project configuration from wizard
+ * @param outputDir - Directory where project will be created
+ * @param options - Optional generation options including progress callback
+ */
+export async function generateProject(config, outputDir, options = {}) {
+    const { onProgress = (msg) => console.log(msg) } = options;
+    const templatesDir = getTemplatesDir();
+    const tokens = deriveTokenValues(config);
+    onProgress(pc.cyan('Creating project structure...'));
+    // 1. Copy all shared files
+    onProgress('  Copying shared configuration...');
+    for (const entry of templateManifest.shared) {
+        copyTemplateEntry(entry, templatesDir, outputDir, tokens);
+    }
+    // 2. Copy platform-specific files based on user selection
+    for (const platform of config.platforms) {
+        onProgress(`  Copying ${platform} app...`);
+        const platformEntries = templateManifest.byPlatform[platform];
+        if (platformEntries) {
+            for (const entry of platformEntries) {
+                copyTemplateEntry(entry, templatesDir, outputDir, tokens);
+            }
+        }
+    }
+    // 3. Copy feature-specific files based on user selection
+    for (const feature of config.features) {
+        onProgress(`  Adding ${feature}...`);
+        const featureEntries = templateManifest.byFeature[feature];
+        if (featureEntries) {
+            for (const entry of featureEntries) {
+                copyTemplateEntry(entry, templatesDir, outputDir, tokens);
+            }
+        }
+    }
+    // 4. Copy auth provider-specific files based on user selection
+    if (config.auth.provider !== 'none') {
+        onProgress(`  Adding ${config.auth.provider} authentication...`);
+        const authEntries = templateManifest.byAuthProvider[config.auth.provider];
+        if (authEntries) {
+            for (const entry of authEntries) {
+                copyTemplateEntry(entry, templatesDir, outputDir, tokens);
+            }
+        }
+    }
+    onProgress(pc.green('✔') + ' Project structure created');
+}

package/dist/generator/index.d.ts

@@ -0,0 +1,4 @@
+export { replaceTokens } from './replace-tokens.js';
+export { copyFileWithTokens, copyDirectoryWithTokens } from './copy-file.js';
+export { generateProject } from './generate-project.js';
+export type { GenerateOptions } from './generate-project.js';

package/dist/generator/index.js

@@ -0,0 +1,3 @@
+export { replaceTokens } from './replace-tokens.js';
+export { copyFileWithTokens, copyDirectoryWithTokens } from './copy-file.js';
+export { generateProject } from './generate-project.js';

package/dist/generator/replace-tokens.d.ts

@@ -0,0 +1,29 @@
+import type { TokenValues } from '../templates/types.js';
+/**
+ * Process conditional blocks in content based on token values.
+ *
+ * Supports two formats:
+ * 1. Comment-wrapped (for TypeScript/JavaScript files):
+ *    // {{#if TOKEN}}
+ *    import { Something } from './something';
+ *    // {{/if TOKEN}}
+ *
+ * 2. Plain (for other file types):
+ *    {{#if TOKEN}}
+ *    Some content
+ *    {{/if TOKEN}}
+ *
+ * @param content - File content with conditional blocks
+ * @param tokens - Token values (value of 'true' keeps content, anything else removes it)
+ * @returns Content with conditional blocks processed
+ */
+export declare function processConditionalBlocks(content: string, tokens: TokenValues): string;
+/**
+ * Replace all {{TOKEN}} placeholders in content with actual values.
+ * Processes conditional blocks first, then replaces remaining tokens.
+ *
+ * @param content - File content with {{TOKEN}} placeholders and conditional blocks
+ * @param tokens - Token values to substitute
+ * @returns Content with conditionals processed and all tokens replaced
+ */
+export declare function replaceTokens(content: string, tokens: TokenValues): string;

package/dist/generator/replace-tokens.js

@@ -0,0 +1,68 @@
+import { TOKEN_PATTERN } from '../templates/tokens.js';
+/**
+ * Pattern to match comment-wrapped conditional blocks:
+ * // {{#if TOKEN}}
+ * ...content...
+ * // {{/if TOKEN}}
+ *
+ * Uses non-greedy matching and backreference to ensure opening/closing tokens match.
+ */
+const COMMENT_CONDITIONAL_PATTERN = /\/\/\s*\{\{#if\s+(\w+)\}\}\r?\n([\s\S]*?)\/\/\s*\{\{\/if\s+\1\}\}\r?\n?/g;
+/**
+ * Pattern to match plain conditional blocks (without comment prefix):
+ * {{#if TOKEN}}
+ * ...content...
+ * {{/if TOKEN}}
+ */
+const PLAIN_CONDITIONAL_PATTERN = /\{\{#if\s+(\w+)\}\}\r?\n?([\s\S]*?)\{\{\/if\s+\1\}\}\r?\n?/g;
+/**
+ * Process conditional blocks in content based on token values.
+ *
+ * Supports two formats:
+ * 1. Comment-wrapped (for TypeScript/JavaScript files):
+ *    // {{#if TOKEN}}
+ *    import { Something } from './something';
+ *    // {{/if TOKEN}}
+ *
+ * 2. Plain (for other file types):
+ *    {{#if TOKEN}}
+ *    Some content
+ *    {{/if TOKEN}}
+ *
+ * @param content - File content with conditional blocks
+ * @param tokens - Token values (value of 'true' keeps content, anything else removes it)
+ * @returns Content with conditional blocks processed
+ */
+export function processConditionalBlocks(content, tokens) {
+    let result = content;
+    // Process comment-wrapped conditionals first (more specific pattern)
+    result = result.replace(COMMENT_CONDITIONAL_PATTERN, (_match, tokenName, blockContent) => {
+        const tokenValue = tokens[tokenName];
+        // Keep content if token value is exactly 'true', otherwise remove entire block
+        return tokenValue === 'true' ? blockContent : '';
+    });
+    // Process plain conditionals
+    result = result.replace(PLAIN_CONDITIONAL_PATTERN, (_match, tokenName, blockContent) => {
+        const tokenValue = tokens[tokenName];
+        // Keep content if token value is exactly 'true', otherwise remove entire block
+        return tokenValue === 'true' ? blockContent : '';
+    });
+    return result;
+}
+/**
+ * Replace all {{TOKEN}} placeholders in content with actual values.
+ * Processes conditional blocks first, then replaces remaining tokens.
+ *
+ * @param content - File content with {{TOKEN}} placeholders and conditional blocks
+ * @param tokens - Token values to substitute
+ * @returns Content with conditionals processed and all tokens replaced
+ */
+export function replaceTokens(content, tokens) {
+    // Process conditional blocks BEFORE token replacement
+    const processedContent = processConditionalBlocks(content, tokens);
+    // Then replace individual tokens
+    return processedContent.replace(TOKEN_PATTERN, (match, tokenName) => {
+        const value = tokens[tokenName];
+        return value !== undefined ? value : match; // Keep original if unknown token
+    });
+}

package/dist/github/secrets.d.ts

@@ -0,0 +1,109 @@
+import { Octokit } from '@octokit/rest';
+/**
+ * GitHub secrets service module
+ *
+ * Provides functions to manage GitHub environment secrets
+ * for AWS deployment credentials via the GitHub REST API.
+ *
+ * Uses GitHub Environments to organize secrets by environment (dev, stage, prod),
+ * with the same secret names in each environment (AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY).
+ */
+/**
+ * Creates a configured Octokit client
+ * @param token - GitHub Personal Access Token (requires `repo` scope)
+ * @returns Configured Octokit instance
+ */
+export declare function createGitHubClient(token: string): Octokit;
+/**
+ * Public key for encrypting secrets
+ */
+export interface PublicKey {
+    keyId: string;
+    key: string;
+}
+/**
+ * Fetches the repository's public key for encrypting secrets
+ * @param client - Octokit instance
+ * @param owner - Repository owner (username or organization)
+ * @param repo - Repository name
+ * @returns Public key ID and base64-encoded key
+ */
+export declare function getRepositoryPublicKey(client: Octokit, owner: string, repo: string): Promise<PublicKey>;
+/**
+ * Encrypts a secret value using the repository's public key
+ * @param publicKey - Base64-encoded repository public key
+ * @param secretValue - Plain text secret value to encrypt
+ * @returns Base64-encoded encrypted value
+ */
+export declare function encryptSecret(publicKey: string, secretValue: string): Promise<string>;
+/**
+ * Creates or ensures a GitHub environment exists
+ * @param client - Octokit instance
+ * @param owner - Repository owner
+ * @param repo - Repository name
+ * @param environmentName - Name of the environment (e.g., dev, stage, prod)
+ */
+export declare function ensureEnvironmentExists(client: Octokit, owner: string, repo: string, environmentName: string): Promise<void>;
+/**
+ * Fetches the environment's public key for encrypting secrets
+ * @param client - Octokit instance
+ * @param owner - Repository owner
+ * @param repo - Repository name
+ * @param environmentName - Name of the environment
+ * @returns Public key ID and base64-encoded key
+ */
+export declare function getEnvironmentPublicKey(client: Octokit, owner: string, repo: string, environmentName: string): Promise<PublicKey>;
+/**
+ * Sets (creates or updates) an environment secret
+ * @param client - Octokit instance
+ * @param owner - Repository owner
+ * @param repo - Repository name
+ * @param environmentName - Name of the environment
+ * @param secretName - Name of the secret (e.g., AWS_ACCESS_KEY_ID)
+ * @param secretValue - Plain text secret value
+ */
+export declare function setEnvironmentSecret(client: Octokit, owner: string, repo: string, environmentName: string, secretName: string, secretValue: string): Promise<void>;
+/**
+ * Sets (creates or updates) a repository secret
+ * @param client - Octokit instance
+ * @param owner - Repository owner
+ * @param repo - Repository name
+ * @param secretName - Name of the secret (e.g., AWS_ACCESS_KEY_ID_DEV)
+ * @param secretValue - Plain text secret value
+ */
+export declare function setRepositorySecret(client: Octokit, owner: string, repo: string, secretName: string, secretValue: string): Promise<void>;
+/**
+ * Sets AWS credentials as environment secrets for a specific GitHub environment
+ *
+ * Creates the GitHub environment if it doesn't exist, then sets AWS_ACCESS_KEY_ID
+ * and AWS_SECRET_ACCESS_KEY as secrets within that environment.
+ *
+ * @param client - Octokit instance
+ * @param owner - Repository owner
+ * @param repo - Repository name
+ * @param environment - Environment name (e.g., dev, stage, prod)
+ * @param accessKeyId - AWS Access Key ID
+ * @param secretAccessKey - AWS Secret Access Key
+ */
+export declare function setEnvironmentCredentials(client: Octokit, owner: string, repo: string, environment: string, accessKeyId: string, secretAccessKey: string): Promise<void>;
+/**
+ * Parsed GitHub repository URL
+ */
+export interface GitHubRepoInfo {
+    owner: string;
+    repo: string;
+}
+/**
+ * Parses a GitHub repository URL to extract owner and repo
+ * @param url - GitHub repository URL in various formats
+ * @returns Parsed owner and repo
+ * @throws Error if URL format is not recognized
+ *
+ * Supported formats:
+ * - https://github.com/owner/repo
+ * - https://github.com/owner/repo.git
+ * - git@github.com:owner/repo.git
+ * - git@github.com:owner/repo
+ * - owner/repo
+ */
+export declare function parseGitHubUrl(url: string): GitHubRepoInfo;

package/dist/github/secrets.js

@@ -0,0 +1,275 @@
+import { Octokit } from '@octokit/rest';
+import nacl from 'tweetnacl';
+import naclUtil from 'tweetnacl-util';
+import pc from 'picocolors';
+const { decodeUTF8, encodeBase64, decodeBase64 } = naclUtil;
+/**
+ * GitHub secrets service module
+ *
+ * Provides functions to manage GitHub environment secrets
+ * for AWS deployment credentials via the GitHub REST API.
+ *
+ * Uses GitHub Environments to organize secrets by environment (dev, stage, prod),
+ * with the same secret names in each environment (AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY).
+ */
+/**
+ * Creates a configured Octokit client
+ * @param token - GitHub Personal Access Token (requires `repo` scope)
+ * @returns Configured Octokit instance
+ */
+export function createGitHubClient(token) {
+    return new Octokit({
+        auth: token,
+    });
+}
+/**
+ * Fetches the repository's public key for encrypting secrets
+ * @param client - Octokit instance
+ * @param owner - Repository owner (username or organization)
+ * @param repo - Repository name
+ * @returns Public key ID and base64-encoded key
+ */
+export async function getRepositoryPublicKey(client, owner, repo) {
+    try {
+        const response = await client.actions.getRepoPublicKey({
+            owner,
+            repo,
+        });
+        return {
+            keyId: response.data.key_id,
+            key: response.data.key,
+        };
+    }
+    catch (error) {
+        if (error instanceof Error && 'status' in error && error.status === 401) {
+            throw new Error('GitHub authentication failed. Ensure your token has the "repo" scope for repository secrets access.');
+        }
+        throw error;
+    }
+}
+/**
+ * Encrypts a secret value using the repository's public key
+ * @param publicKey - Base64-encoded repository public key
+ * @param secretValue - Plain text secret value to encrypt
+ * @returns Base64-encoded encrypted value
+ */
+export async function encryptSecret(publicKey, secretValue) {
+    // Decode the public key from base64
+    const publicKeyBytes = decodeBase64(publicKey);
+    // Convert the secret value to UTF-8 bytes
+    const secretBytes = decodeUTF8(secretValue);
+    // Encrypt using libsodium sealed box (via tweetnacl)
+    const encryptedBytes = naclSealedBox(secretBytes, publicKeyBytes);
+    // Return base64-encoded encrypted value
+    return encodeBase64(encryptedBytes);
+}
+/**
+ * Sealed box encryption compatible with GitHub's libsodium implementation
+ */
+function naclSealedBox(message, publicKey) {
+    // Generate ephemeral key pair
+    const ephemeralKeyPair = nacl.box.keyPair();
+    // Compute nonce from ephemeral public key and recipient public key
+    const nonce = new Uint8Array(nacl.box.nonceLength);
+    const nonceInput = new Uint8Array(ephemeralKeyPair.publicKey.length + publicKey.length);
+    nonceInput.set(ephemeralKeyPair.publicKey);
+    nonceInput.set(publicKey, ephemeralKeyPair.publicKey.length);
+    // Use first 24 bytes of blake2b hash as nonce (simplified: use crypto hash)
+    const hashBytes = naclHash(nonceInput).slice(0, nacl.box.nonceLength);
+    nonce.set(hashBytes);
+    // Encrypt the message
+    const ciphertext = nacl.box(message, nonce, publicKey, ephemeralKeyPair.secretKey);
+    if (!ciphertext) {
+        throw new Error('Encryption failed');
+    }
+    // Concatenate ephemeral public key and ciphertext (sealed box format)
+    const sealedBox = new Uint8Array(ephemeralKeyPair.publicKey.length + ciphertext.length);
+    sealedBox.set(ephemeralKeyPair.publicKey);
+    sealedBox.set(ciphertext, ephemeralKeyPair.publicKey.length);
+    return sealedBox;
+}
+/**
+ * Simple hash function for nonce generation
+ */
+function naclHash(input) {
+    return nacl.hash(input);
+}
+/**
+ * Creates or ensures a GitHub environment exists
+ * @param client - Octokit instance
+ * @param owner - Repository owner
+ * @param repo - Repository name
+ * @param environmentName - Name of the environment (e.g., dev, stage, prod)
+ */
+export async function ensureEnvironmentExists(client, owner, repo, environmentName) {
+    try {
+        // PUT request creates or updates the environment
+        await client.request('PUT /repos/{owner}/{repo}/environments/{environment_name}', {
+            owner,
+            repo,
+            environment_name: environmentName,
+        });
+    }
+    catch (error) {
+        if (error instanceof Error && 'status' in error && error.status === 401) {
+            throw new Error('GitHub authentication failed. Ensure your token has the "repo" scope for environment access.');
+        }
+        throw error;
+    }
+}
+/**
+ * Fetches the environment's public key for encrypting secrets
+ * @param client - Octokit instance
+ * @param owner - Repository owner
+ * @param repo - Repository name
+ * @param environmentName - Name of the environment
+ * @returns Public key ID and base64-encoded key
+ */
+export async function getEnvironmentPublicKey(client, owner, repo, environmentName) {
+    try {
+        const response = await client.request('GET /repos/{owner}/{repo}/environments/{environment_name}/secrets/public-key', {
+            owner,
+            repo,
+            environment_name: environmentName,
+        });
+        return {
+            keyId: response.data.key_id,
+            key: response.data.key,
+        };
+    }
+    catch (error) {
+        if (error instanceof Error && 'status' in error && error.status === 401) {
+            throw new Error('GitHub authentication failed. Ensure your token has the "repo" scope for environment secrets access.');
+        }
+        throw error;
+    }
+}
+/**
+ * Sets (creates or updates) an environment secret
+ * @param client - Octokit instance
+ * @param owner - Repository owner
+ * @param repo - Repository name
+ * @param environmentName - Name of the environment
+ * @param secretName - Name of the secret (e.g., AWS_ACCESS_KEY_ID)
+ * @param secretValue - Plain text secret value
+ */
+export async function setEnvironmentSecret(client, owner, repo, environmentName, secretName, secretValue) {
+    try {
+        // Get the environment's public key
+        const publicKey = await getEnvironmentPublicKey(client, owner, repo, environmentName);
+        // Encrypt the secret value
+        const encryptedValue = await encryptSecret(publicKey.key, secretValue);
+        // Set the environment secret
+        await client.request('PUT /repos/{owner}/{repo}/environments/{environment_name}/secrets/{secret_name}', {
+            owner,
+            repo,
+            environment_name: environmentName,
+            secret_name: secretName,
+            encrypted_value: encryptedValue,
+            key_id: publicKey.keyId,
+        });
+    }
+    catch (error) {
+        if (error instanceof Error && 'status' in error && error.status === 401) {
+            throw new Error('GitHub authentication failed. Ensure your token has the "repo" scope for environment secrets access.');
+        }
+        throw error;
+    }
+}
+/**
+ * Sets (creates or updates) a repository secret
+ * @param client - Octokit instance
+ * @param owner - Repository owner
+ * @param repo - Repository name
+ * @param secretName - Name of the secret (e.g., AWS_ACCESS_KEY_ID_DEV)
+ * @param secretValue - Plain text secret value
+ */
+export async function setRepositorySecret(client, owner, repo, secretName, secretValue) {
+    try {
+        // Get the repository's public key
+        const publicKey = await getRepositoryPublicKey(client, owner, repo);
+        // Encrypt the secret value
+        const encryptedValue = await encryptSecret(publicKey.key, secretValue);
+        // Set the secret
+        await client.actions.createOrUpdateRepoSecret({
+            owner,
+            repo,
+            secret_name: secretName,
+            encrypted_value: encryptedValue,
+            key_id: publicKey.keyId,
+        });
+    }
+    catch (error) {
+        if (error instanceof Error && 'status' in error && error.status === 401) {
+            throw new Error('GitHub authentication failed. Ensure your token has the "repo" scope for repository secrets access.');
+        }
+        throw error;
+    }
+}
+/**
+ * Sets AWS credentials as environment secrets for a specific GitHub environment
+ *
+ * Creates the GitHub environment if it doesn't exist, then sets AWS_ACCESS_KEY_ID
+ * and AWS_SECRET_ACCESS_KEY as secrets within that environment.
+ *
+ * @param client - Octokit instance
+ * @param owner - Repository owner
+ * @param repo - Repository name
+ * @param environment - Environment name (e.g., dev, stage, prod)
+ * @param accessKeyId - AWS Access Key ID
+ * @param secretAccessKey - AWS Secret Access Key
+ */
+export async function setEnvironmentCredentials(client, owner, repo, environment, accessKeyId, secretAccessKey) {
+    // Ensure the GitHub environment exists
+    console.log(pc.dim(`  Creating/verifying "${environment}" environment...`));
+    await ensureEnvironmentExists(client, owner, repo, environment);
+    // Set AWS credentials as environment secrets (same names in each environment)
+    console.log(pc.dim(`  Setting AWS_ACCESS_KEY_ID in "${environment}" environment...`));
+    await setEnvironmentSecret(client, owner, repo, environment, 'AWS_ACCESS_KEY_ID', accessKeyId);
+    console.log(pc.dim(`  Setting AWS_SECRET_ACCESS_KEY in "${environment}" environment...`));
+    await setEnvironmentSecret(client, owner, repo, environment, 'AWS_SECRET_ACCESS_KEY', secretAccessKey);
+    console.log(pc.green(`  Credentials set for "${environment}" environment`));
+}
+/**
+ * Parses a GitHub repository URL to extract owner and repo
+ * @param url - GitHub repository URL in various formats
+ * @returns Parsed owner and repo
+ * @throws Error if URL format is not recognized
+ *
+ * Supported formats:
+ * - https://github.com/owner/repo
+ * - https://github.com/owner/repo.git
+ * - git@github.com:owner/repo.git
+ * - git@github.com:owner/repo
+ * - owner/repo
+ */
+export function parseGitHubUrl(url) {
+    // Remove trailing slashes and .git suffix
+    let cleanUrl = url.trim().replace(/\/$/, '').replace(/\.git$/, '');
+    // Format: https://github.com/owner/repo
+    const httpsMatch = cleanUrl.match(/^https?:\/\/github\.com\/([^/]+)\/([^/]+)$/);
+    if (httpsMatch) {
+        return {
+            owner: httpsMatch[1],
+            repo: httpsMatch[2],
+        };
+    }
+    // Format: git@github.com:owner/repo
+    const sshMatch = cleanUrl.match(/^git@github\.com:([^/]+)\/([^/]+)$/);
+    if (sshMatch) {
+        return {
+            owner: sshMatch[1],
+            repo: sshMatch[2],
+        };
+    }
+    // Format: owner/repo
+    const shortMatch = cleanUrl.match(/^([^/]+)\/([^/]+)$/);
+    if (shortMatch) {
+        return {
+            owner: shortMatch[1],
+            repo: shortMatch[2],
+        };
+    }
+    throw new Error(`Unable to parse GitHub URL: ${url}. ` +
+        'Expected formats: https://github.com/owner/repo, git@github.com:owner/repo, or owner/repo');
+}

package/dist/index.d.ts

@@ -0,0 +1,2 @@
+#!/usr/bin/env node
+export {};

package/dist/index.js

@@ -0,0 +1,6 @@
+#!/usr/bin/env node
+import { run } from './cli.js';
+run().catch((error) => {
+    console.error(error);
+    process.exit(1);
+});

package/dist/prompts/auth.d.ts

@@ -0,0 +1,3 @@
+import type { PromptObject } from 'prompts';
+export declare const authProviderPrompt: PromptObject;
+export declare const authFeaturesPrompt: PromptObject;

package/dist/prompts/auth.js

@@ -0,0 +1,23 @@
+import pc from 'picocolors';
+export const authProviderPrompt = {
+    type: 'select',
+    name: 'authProvider',
+    message: 'Authentication provider:',
+    choices: [
+        { title: `${pc.yellow('○')} None (add later)`, value: 'none' },
+        { title: `${pc.cyan('◆')} AWS Cognito`, value: 'cognito' },
+        { title: `${pc.magenta('◆')} Auth0`, value: 'auth0' },
+    ],
+    initial: 0,
+    hint: '- Cognito for AWS-native, Auth0 for flexibility'
+};
+export const authFeaturesPrompt = {
+    type: (prev) => prev !== 'none' ? 'multiselect' : null,
+    name: 'authFeatures',
+    message: 'Auth features (space to toggle):',
+    choices: [
+        { title: 'Social Login (Google, GitHub)', value: 'social-login', selected: false },
+        { title: 'Multi-Factor Authentication (MFA)', value: 'mfa', selected: false },
+    ],
+    hint: '- Email/password always included'
+};

package/dist/prompts/aws-config.d.ts

@@ -0,0 +1,2 @@
+import type { PromptObject } from 'prompts';
+export declare const awsRegionPrompt: PromptObject;

package/dist/prompts/aws-config.js

@@ -0,0 +1,14 @@
+export const awsRegionPrompt = {
+    type: 'select',
+    name: 'awsRegion',
+    message: 'AWS Region:',
+    choices: [
+        { title: 'US East (N. Virginia) - us-east-1', value: 'us-east-1' },
+        { title: 'US West (Oregon) - us-west-2', value: 'us-west-2' },
+        { title: 'EU (Ireland) - eu-west-1', value: 'eu-west-1' },
+        { title: 'EU (Frankfurt) - eu-central-1', value: 'eu-central-1' },
+        { title: 'Asia Pacific (Tokyo) - ap-northeast-1', value: 'ap-northeast-1' },
+        { title: 'Asia Pacific (Sydney) - ap-southeast-2', value: 'ap-southeast-2' }
+    ],
+    initial: 0
+};

package/dist/prompts/features.d.ts

@@ -0,0 +1,2 @@
+import type { PromptObject } from 'prompts';
+export declare const featuresPrompt: PromptObject;

package/dist/prompts/features.js

@@ -0,0 +1,10 @@
+export const featuresPrompt = {
+    type: 'multiselect',
+    name: 'features',
+    message: 'Include optional features (space to toggle):',
+    choices: [
+        { title: 'GitHub Actions (CI/CD workflows)', value: 'github-actions', selected: true },
+        { title: 'VSCode Config (settings, extensions)', value: 'vscode-config', selected: true }
+    ],
+    hint: '- All optional'
+};